When the US Treasury sanctioned Tornado Cash in 2022, it sent shockwaves through crypto. For the first time, smart contract addresses appeared on the OFAC SDN list. Understanding how sanctions work—and how they interact with stablecoin blacklists—is essential for anyone operating in crypto.
Sanctions overview
International sanctions are economic restrictions imposed by governments to achieve foreign policy goals. They can target countries, organizations, or individuals, and they restrict what financial dealings are permitted.
OFAC (US)
Office of Foreign Assets Control
Part of the US Treasury. Administers the SDN (Specially Designated Nationals) list.
Has extraterritorial reach—affects anyone using USD or US financial system.
EU Sanctions
European Union
Maintained by the Council of the European Union. Binding on all EU member states
and their residents. Often aligns with but is distinct from OFAC.
UN Sanctions
United Nations Security Council
Binding on all UN member states. Generally focused on terrorism, nuclear
proliferation, and human rights. Often the baseline for national sanctions.
Multiple jurisdictions apply
You may be subject to sanctions from multiple jurisdictions simultaneously. A European exchange using USD-denominated stablecoins must comply with both EU sanctions AND OFAC requirements.
OFAC and the SDN list
OFAC maintains the SDN (Specially Designated Nationals) list—a database of individuals, entities, and now cryptocurrency addresses that US persons are prohibited from transacting with.
What's on the SDN list?
Individuals
Named persons associated with sanctioned regimes, terrorism, or organized crime.
Entities
Companies, organizations, government bodies that are sanctioned.
Vessels & Aircraft
Ships and planes used for sanctions evasion or by sanctioned parties.
Crypto Addresses
Since 2018, OFAC has included cryptocurrency wallet addresses directly on the SDN list.
Who must comply?
OFAC sanctions apply to:
- US persons - Citizens, residents, and anyone physically in the US
- US companies - Including foreign subsidiaries in many cases
- Transactions in USD - Even between non-US parties, if cleared through US banks
- US-origin goods/services - Including software and technology
The Tornado Cash precedent
In August 2022, OFAC sanctioned Tornado Cash, an Ethereum mixing protocol. This was unprecedented: it was the first time OFAC sanctioned smart contract addresses rather than just individuals or companies.
OFAC sanctions Tornado Cash
38 Ethereum addresses associated with the protocol added to SDN list. OFAC cites use by North Korean hackers to launder $455M from Axie Infinity hack.
Immediate industry response
Circle freezes USDC in Tornado-associated addresses. GitHub removes Tornado Cash repositories. Major DeFi protocols block sanctioned addresses.
Legal challenges begin
Coin Center and others challenge the sanctions as unconstitutional. Argument: you can't sanction code, only people.
Fifth Circuit ruling
Court rules OFAC exceeded its authority by sanctioning immutable smart contracts. Case ongoing with uncertain final outcome.
What Tornado Cash means for you
Regardless of the legal outcome, the practical impact was immediate:
Addresses interacting with Tornado were flagged
Even legitimate privacy use cases resulted in addresses being marked by compliance tools. Many users found themselves unable to use major exchanges.
Stablecoin issuers acted preemptively
Circle froze USDC at addresses connected to Tornado Cash, demonstrating that sanctions compliance trumps user autonomy.
Proximity became a compliance concern
Not just direct Tornado users, but addresses that received funds from Tornado users faced enhanced scrutiny.
EU and UN sanctions
While OFAC gets the most attention in crypto, EU and UN sanctions also matter:
EU Sanctions
The EU maintains its own consolidated sanctions list, which often—but not always— aligns with US sanctions. Key differences:
UN Sanctions
UN Security Council sanctions are binding on all UN member states and often form the foundation for national sanctions programs:
How stablecoin issuers respond
Stablecoin issuers have adopted different approaches to sanctions compliance:
- Freezes OFAC-listed addresses proactively
- Works with law enforcement on sanctions evasion cases
- Has frozen addresses linked to sanctioned countries
- Less clear formal policy documentation
- Explicit OFAC compliance program
- Automatic screening against SDN list
- Froze Tornado Cash-linked addresses immediately
- Published transparency on sanctions freezes
No stablecoin is sanctions-neutral
All major USD stablecoins have connections to the US financial system that make OFAC compliance effectively mandatory. Even DAI, a decentralized stablecoin, is backed partly by USDC and thus inherits some sanctions exposure.
Protecting yourself
Whether you're an individual user or running a business, here's how to manage sanctions exposure:
Screen counterparties
Before large transactions, check addresses against OFAC SDN list and stablecoin blacklists. Tools like Eagle Virtual aggregate this data.
Avoid mixing services
Regardless of your intent, using Tornado Cash or similar mixers creates sanctions exposure. The privacy benefit isn't worth the compliance risk.
Document transactions
Keep records of counterparty information, transaction purposes, and any screening you performed. This helps if questions arise later.
Monitor ongoing exposure
Sanctions designations happen without warning. Set up monitoring for addresses you've transacted with in case they become sanctioned later.
Understand your jurisdiction
Different sanctions apply in different places. Know which sanctions regimes apply to you based on your citizenship, residence, and business operations.
Seek legal advice
For business operations, consult with lawyers who understand both crypto and sanctions law. This area is complex and evolving rapidly.